Fix Polyglot Detection for Tauri+TS and Ruby+JS Projects
The polyglot language detector has two gaps that produce trust-killing misclassifications on real customer repos:
verdict PASSscore 19 / 19findings 7 (0 risk · 2 debt · 5 obs)duration 1h 11mrejection cycles 0shipped May 20, 2026surface cli
Pipeline timeline
Intent to proven code in 1h 11m across Think, Plan, Build, and Verify.
Think4m
Plan13m
Build4m
Verify6m
Assertion ledger
19 claims, each independently verified. Showing 8 — show all →
| ID | Says | Matcher | |
|---|---|---|---|
| A001 | A Tauri monorepo with pnpm workspace detects as a TypeScript project | verified | ok |
| A002 | Tauri monorepo detection has high but not maximum confidence | verified | ok |
| A003 | Tauri monorepo detection includes the pnpm workspace file as evidence | verified | ok |
| A004 | A Rust workspace without Tauri still detects as Rust | verified | ok |
| A005 | A Tauri project without pnpm workspace correctly stays Rust | verified | ok |
| A006 | Pure Tauri desktop app keeps Rust confidence | verified | ok |
| A007 | A Ruby on Rails project with package.json detects as Ruby | verified | ok |
| A008 | Ruby detection with lockfile has high confidence | verified | ok |
Findings 7 total
debtpackages/cli/src/engine/detectors/projectType.ts→ closed
Stale docstring — says 'Python → Go → Rust → Ruby → PHP' but polyglot tier order is Python → Rust → Ruby → Go
obspackages/cli/src/engine/detectors/projectType.ts→ closed
indexOf('\n[') section boundary misses header at position 0 of sliced block — inherited from hasPythonProjectDeps pattern
obspackages/cli/src/engine/detectors/projectType.ts→ closed
Tauri discriminator omits Cargo.toml from indicators — downstream consumers can't tell Rust is present
obspackages/cli/src/engine/detectors/projectType.ts→ monitor
Ruby detection is existence-only — no Gemfile content analysis, so a Gemfile with only dev gems still triggers Ruby
debtpackages/cli/tests/engine/detectors/polyglot.test.ts→ closed
Tag collision — @ana IDs A001-A019 used by both old contracts and this contract in same file, creating ambiguity for tooling
+2more findings
Integrity seal
scopesha256:a3ddedc3c63fe...
contractsha256:d033dee05b38b...
plansha256:eccacd455a7dc...
specsha256:5fac00b644acb...
build-reportsha256:003367411f90a...
build-datasha256:fe9e41b6e9ce4...
verify-reportsha256:f39c6bc919b81...
verify-datasha256:c8a1f3bb4dd5e...
audit cmd$ ana proof audit fix-polyglot-rust-ts-ruby → all hashes match